Good hosts (like WebHostingBuzz) monitor their connections and can shut down ports during an attack. While that means that attacks are successful, it prevents damage to your website/database.

You can also help that a bit by blocking IP addresses (ranges, actually) but a well constructed DDoS attack can come from too many vectors to allow the few valid connections that are attempting to come through.

Most shared hosts will probably melt and shut off your website -- it will take down all 4000 other sites on the server. That is folding money, even at $3.99 a month.

Anyhow, we are on the short list of people certain groups don't like and I've been through at least one concentrated DDoS and probably a number of smaller ones. Also things like a slashdotting which can feel like a DDoS. The major attack lasted the bulk of the week, mainly because we (unlike the half dozen others targeted) did not admit we were under attack and in fact managed to stay up by and large. To be honest, the best thing in many cases is to just go down -- the only thing we got when we managed to stay up through said concentrated attack was to get a really nasty bandwidth bill. Rolling over and playing dead would have been more cost-effective in most senses.

The best defense we had was we knew their plan -- major DDoS attacks are publicly announced with an attack script. If you know where you are being hit you can take measures to kill that traffic inexpensively. IP address blocking doesn't help much -- really too hard to predict, especially without hurting legitimate traffic. Having a reverse proxy that can do very stateful HTTP inspections, as well as take the brunt of the attack helps a lot. We could at least stop the proxy so we could operate the app server. Proxies also scale amazingly -- we took the entire force of the attack on a single 4-core IIS reverse proxy that was successfully serving a half dozen sites throughout the attack.
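As an added example (not the poster's code), here is one way to work out from access-log lines which URL an attack script is hammering, so a rule can be put in front of that path at the reverse proxy instead of chasing source addresses; the log lines are constructed, and the function names are my own.

```python
"""Find which URL an HTTP flood is hammering, from access-log lines.
Added example: constructed Common Log Format lines, not the poster's traffic."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse(line):
    """Return (ip, path) for a Common Log Format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Attack scripts usually vary the query string, so group on the path only.
    return m.group("ip"), urlsplit(m.group("target")).path

def path_stats(lines):
    """Map each path to its request count and the set of source IPs."""
    stats = defaultdict(lambda: {"requests": 0, "sources": set()})
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ip, path = parsed
        stats[path]["requests"] += 1
        stats[path]["sources"].add(ip)
    return stats

def flood_targets(lines, min_requests=20, min_sources=10):
    """Paths hit hard from many sources: these want a path rule at the proxy,
    since per-IP blocks cannot keep up with traffic spread over many addresses."""
    return sorted(
        p for p, s in path_stats(lines).items()
        if s["requests"] >= min_requests and len(s["sources"]) >= min_sources
    )

def constructed_log():
    """Constructed sample: a few normal hits plus a flood on one search page
    spread over 30 addresses in the 203.0.113.0/24 documentation range."""
    base = '{ip} - - [10/Oct/2010:13:55:{sec:02d} +0000] "GET {target} HTTP/1.1" 200 512'
    lines = [base.format(ip="198.51.100.4", sec=1, target="/index.html"),
             base.format(ip="198.51.100.5", sec=2, target="/about.html"),
             base.format(ip="198.51.100.4", sec=3, target="/forum/search.php?q=hi")]
    for i in range(30):
        lines.append(base.format(ip=f"203.0.113.{i + 1}", sec=i % 60,
                                 target=f"/forum/search.php?q={i}"))
    return lines

if __name__ == "__main__":
    for path in flood_targets(constructed_log()):
        print("flood target:", path)
```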